The important feature of the zero-day solution is “session persistence”, which means a hacker’s session on a target Google account remains valid even after a password change.
This means the true owner of the Google account won’t be able to kick the attacker out with a password reset. It also allows any threat actor exploiting it to “generate valid cookies in the event of a session disruption”, which CloudSEK says enhances the attacker’s ability to…